02-17-2023 01:44 PM
Hi Community,
I am seeing some issues when attempting to migrate some l2vpn circuits from IOS XE to IOS XR.
The layout is as follows:
(INT VLAN 1) ---- [IOS CPE 3650 CX] ---- (int gi0/1/1, service instance 1 ethernet encapsulation dot1q untagged) [IOS XE PE, ASR 900] ----> l2 mpls virtual circuit <---- [IOS XR P, ASR 9006] ---- (INT BUNDLE 2.5 dotq 5 rewrite ingress tag pop 1 symmetric) [IOS XR EDGE, ASR 9006] --- (INT BUNDLE 10.5 dot1q 5 )
My l2vpn / mpls pseudowire is established (showing up on both the 9006 and 900 transport routers) but the layer 2 is not establishing. I see the following error messages on my CPE when it establishes:
Feb 17 20:21:32.245: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 5 on GigabitEthernet1/0/8 VLAN1.
Feb 17 20:21:32.245: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/8 on VLAN0005. Inconsistent peer vlan.
Feb 17 20:21:32.245: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/8 on VLAN0001. Inconsistent local vlan.
Feb 17 20:21:32.248: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
It as if the rewrite to untagged is not taking effect properly on the transport IOS XR router and it is still sending the VLAN 5 to the CPE router.
If I use this same setup, but instead use an IOS XE router for the P router, I do not have the errors, and I can establish layer 2 back to the edge router.
Solved! Go to Solution.
03-09-2023 09:04 AM - edited 03-09-2023 09:05 AM
You have two options
- block the BPDUs on the Nexus VPC switch using BPDU filter
or
- block BPDUs on the P router using ethernet-services ACL
I would prefer the second option. In both cases the filtering applies on all BPDUs, you can not filter out single VLAN BPDUs.
02-17-2023 01:50 PM
as I know the L2VPN not support untage VLAN.
02-17-2023 01:53 PM
I also have tried it this way:
(INT VLAN 1) ---- [IOS CPE 3650 CX] ---- (int gi0/1/1, service instance 1 ethernet encapsulation dot1q untagged, rewrite ingress tag push dot1q 5) [IOS XE PE, ASR 900] ----> l2 mpls virtual circuit <---- [IOS XR P, ASR 9006] ---- (INT BUNDLE 2.5 dotq 5) [IOS XR EDGE, ASR 9006] --- (INT BUNDLE 10.5 dot1q 5 )
I will get the same message, but if I move back to an IOS XE A900 being the P router, with the equivalent config, it will establish.
02-17-2023 02:00 PM
rewrite ingress tag push dot1q 5 symmetric <<- add symmetric to push,
02-17-2023 02:03 PM
Hiya - sorry I left that off of my description. I double-checked and I do have the 'symmetric' keyword on my command already. Good catch, though.
02-17-2023 02:23 PM
I am mainly running into this issue on those that are looking for encapsulation untagged from the customer side, then trying to rewrite to a tagged interface on our P or PE routers.
02-17-2023 02:28 PM
show evpn internal-label <<- can I see it in IOS XR (P) ?
02-20-2023 05:59 AM - edited 02-20-2023 05:59 AM
That output is blank, but I believe it is because we are using the l2vpn configuration for our p2p circuits.
Here is an example for the circuit on each:
P (IOS XR)
l2vpn
xconnect group all
p2p Test
interface Bundle-Ether8.5
neighbor ipv4 1.2.3.4 pw-id 5
!
description /30 Xconnect from P to PE
!
interface Bundle-Ether8.5 l2transport
description /30 Xconnect from P to PE
encapsulation dot1q 5
mtu 2012
!
PE (IOS XE)
interface GigabitEthernet0/1/1
description Test Xconnect /30 from PE to P
mtu 1998
no ip address
shutdown
negotiation auto
no keepalive
service instance 1 ethernet
description Data xconnect
encapsulation untagged
rewrite ingress tag push dot1q 5 symmetric
xconnect 4.3.2.1 5 encapsulation mpls
!
02-28-2023 08:51 AM
Hope (INT VLAN 1) ---- [IOS CPE 3650 CX] is having access port. If it is access port then it always expect IEEE BPDU from far end.
When processing received BPDU on access-port, it must be IEEE standard BPDU otherwise a type inconsistent state is declared.
03-08-2023 09:52 AM
Thanks everyone - it is a VLAN 1 interface. The remote side is a different tag, but I am trying to perform a tag swap using the PE router EFP.
This is accepted & works without issue to transition the VLAN to untagged on IOS XE, but when I use the IOS XR to do the same thing, the issue occurs.
03-08-2023 10:27 AM
I think right from the beginning this is working, seems to me your problem is with STP.
What type of STP do you have on both sides?
Diego
03-08-2023 11:04 AM - edited 03-08-2023 11:05 AM
Hi @diefierr ,
We have the default STP settings. On the CPE, we are running rstp. We are also running rstp on the remote side.
03-08-2023 11:38 AM
Right, so you trying to connect vlan "1" with vlan 5, and while traffic will work just fine, you having an STP problem. Is it possible to you to try filtering STP packets on each side? Or at least try doing it on IN / Out on XR side with an ethernet filter.
Diego
03-08-2023 11:48 AM
@diefierr I am not immediately familiar with this, but I imagine it is possible. I will follow up shortly once I have done some testing.
Do you have any examples to go off of that I can use as a boilerplate?
03-08-2023 01:55 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide